扫描报告
0 /100
recall-local
Local memory search for OpenClaw agents. Indexes ~/clawd/memory/ plus MEMORY.md and WORKING.md, exposes keyword search via web UI + API at http://localhost:3456.
Recall Local is a straightforward local memory search tool with no security concerns—the documented behavior matches the implementation exactly.
可以安装
Approve for use. No action required.
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | READ | READ | ✓ 一致 | server.js reads ~/clawd/memory/, ~/clawd/MEMORY.md, ~/clawd/WORKING.md — all sco… |
| 网络访问 | WRITE | WRITE | ✓ 一致 | server.js runs HTTP server on localhost:3456 — declared in SKILL.md setup instru… |
| 命令执行 | NONE | NONE | — | server.js performs no shell execution; SKILL.md shell commands are user-side set… |
1 项发现
中危 外部 URL 外部 URL
http://www.apple.com/DTDs/PropertyList-1.0.dtd SKILL.md:20 目录结构
2 文件 · 9.8 KB · 276 行 JavaScript 1f · 205L
Markdown 1f · 71L
├─
▾
scripts
│ └─
server.js
JavaScript
└─
SKILL.md
Markdown
安全亮点
✓ No external network requests — entirely local operation as documented
✓ No credential access or exfiltration
✓ No obfuscation, base64, or eval usage
✓ No sensitive path enumeration (os.environ iteration, ~/.ssh, ~/.aws, .env)
✓ No remote script execution (curl|bash, wget|sh)
✓ No dependency downloads or pip/npm install without pinning
✓ HTML output properly escapes user-controlled data via esc() function
✓ File access is strictly scoped to declared ~/clawd memory paths
✓ No hidden functionality — code matches documentation one-to-one